Security
Security
Kopete is vulnerable to several input validation vulnerabilities which may lead to execution of arbitrary code.
| Package | kde-base/kdenetwork on all architectures |
|---|---|
| Affected versions | < 3.4.1-r1 |
| Unaffected versions | >= 3.4.1-r1 revision >= 3.3.2-r2 |
| Package | kde-base/kopete on all architectures |
|---|---|
| Affected versions | < 3.4.1-r1 |
| Unaffected versions | >= 3.4.1-r1 |
KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Kopete (also part of kdenetwork) is the KDE Instant Messenger.
Kopete contains an internal copy of libgadu and is therefore subject to several input validation vulnerabilities in libgadu.
A remote attacker could exploit this vulnerability to execute arbitrary code or crash Kopete.
Delete all Gadu Gadu contacts.
All Kopete users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose kde-base/kdenetwork
All KDE Split Ebuild Kopete users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=kde-base/kopete-3.4.1-r1"
Release date
July 25, 2005
Latest revision
July 25, 2005: 01
Severity
high
Exploitable
remote
Bugzilla entries